Tag Archive for: Defender

Colorado public defender cyberattack may have exposed personal data


A screenshot shows redacted text messages provided to The Denver Post by the Governor’s Office of Information Technology in response to an open records request about the ransomware attack on the Office of the Colorado State Public Defender. (Image via Governor’s Office of Information Technology)

The Office of the Colorado State Public Defender has acknowledged personal data may have been stolen during a ransomware attack that crippled the statewide agency in early February — but won’t say much else about the ongoing effort to restore its systems after the hack.

Files “were copied without permission” during the cyberattack, which was discovered on Feb. 9, and those files may have included names, Social Security numbers, driver’s license numbers, medical information and health insurance information, the agency said in a statement Friday.

Officials from the public defender’s office are still investigating whose personal data may have been stolen, and whether the personal data of attorneys or their clients was compromised, they said. A statement on the agency’s website urges “individuals” to remain vigilant against identity theft and fraud.

It’s been more than a month since public defenders across the state were locked out of their computers and files in the ransomware attack and hundreds of court hearings were delayed over the next week because public defenders couldn’t do their jobs.

Officials this week refused to answer questions from The Denver Post about what particular parts of the agency’s systems remain inoperable. In a ransomware attack, hackers use malware to hold an organization’s data hostage, then demand a payment in cryptocurrency before the organization can regain access to that data.

The public defender’s office also would not disclose the amount of ransom demanded or whether a ransom was paid. A statement on the agency’s website says the office has “made progress in returning to full operations.”

Heavily redacted emails and text messages released to The Post by the Governor’s Office of Information Technology this week in response to an open records request mention the cyberattack recovery law…

Source…

DarkMe Malware Exploits Windows Defender Vulnerability: Microsoft Issues Patch


Cybersecurity firm Trend Micro’s Zero Day Initiative recently unmasked a critical vulnerability, designated as CVE-2024-21412, that enabled the notorious APT group Water Hydra to circumvent Microsoft Defender SmartScreen and unleash the DarkMe malware upon unsuspecting victims. In a timely response, Microsoft has since patched the vulnerability, and Trend Micro now offers protection against this insidious threat.

The DarkMe Malware: A Sinister Force Unleashed

The DarkMe malware, a formidable adversary in the cyber world, has gained notoriety for its ability to infiltrate systems and wreak havoc on a grand scale. This malware variant, also known as Trojan:Win32/Powessere.G or ‘POWERLIKS’, typically employs the rundll32.exe file to execute its nefarious operations. Under normal circumstances, Windows Defender thwarts such attempts, presenting attackers with an ‘Access is denied’ error message.

However, the recently discovered vulnerability has provided a chink in Windows Defender’s armor, allowing the DarkMe malware to slip through the cracks and infect countless systems. By inserting multi-commas (,,) when referencing mshtml, cybercriminals found a way to bypass the mitigation measures, enabling the trojan to execute successfully and leaving victims at the mercy of the Water Hydra APT group.

The Vulnerability: A Critical Flaw in Windows Defender SmartScreen

The vulnerability, classified as having a high severity rating, requires local network access to be exploited. This means that an attacker must first gain entry to a victim’s network before they can capitalize on the flaw. Once inside, the attacker can then leverage the vulnerability to bypass Windows Defender SmartScreen, paving the way for the DarkMe malware to infiltrate the system.

The discovery of this vulnerability has sent shockwaves through the cybersecurity community, as it highlights the ever-evolving nature of the threats we face in today’s digital landscape. As cybercriminals continue to refine their tactics and develop new methods of attack, it’s crucial that cybersecurity professionals remain vigilant and proactive in their efforts to protect against such…

Source…

Microsoft Defender Flags Tor Browser as Win32/Malgent!MTB Malware


The detection of Tor browser’s latest version as Win32/Malgent!MTB malware is likely a false positive.

Microsoft Defender, a popular antivirus program, is apparently falsely flagging Tor Browser as Win32/Malgent!MTB malware. This is causing concern for users who rely on the Tor Browser to protect their privacy and security.

Tor Browser is a free and open-source web browser that uses the Tor network to anonymize browsing traffic. This makes it a popular choice for users who want to protect their privacy online.

Microsoft Defender is detecting the latest version of Tor Browser as malware because it is using a new heuristic detection method that is designed to identify Trojans that use Tor to hide their activity. However, the heuristic method is too broad and also flags the Tor Browser itself as malware.

Users have been reporting the issue. The first screenshot is from a well-known Russian cybercrime and hacker forum, while the rest of the screenshots were sourced from Reddit (Credit: Hackread.com)

What is the heuristic detection method?

Heuristic detection is a method of detecting malware that uses rules and algorithms to identify suspicious behaviour. It is different from signature-based detection, which relies on a database of known malware signatures.

Heuristic detection methods can be very effective at detecting new and emerging malware threats, but they can also generate false positives. This is because heuristic detection methods can sometimes flag benign software as malware.

According to Microsoft, its Defender security solution uses a combination of signature-based and heuristic detection methods to protect users from malware. However, the recent false positive detections of Tor Browser suggest that the heuristic detection method in Microsoft Defender may be too broad.

Win32/Malgent!MTB malware?

Win32/Malgent!MTB is a generic detection that Microsoft Defender uses to identify Trojans that are designed to perform a variety of malicious actions on a computer.

These actions can include downloading and installing other malware, using the computer for click fraud, recording keystrokes and the websites visited, sending information about…

Source…

Celerium Announces Compromise Defender™ Solution with Defensive Support Against Cl0p/MOVEit Ransomware Threats


Compromise Defender is a new Celerium solution that implements in 30 minutes and leverages automation to detect and disrupt cyber compromise activity.

TYSON’S CORNER, June 22, 2023 /PRNewswire/ — Celerium Inc., a leading cyber defense company, today announces the release of its latest cybersecurity solution, Compromise Defender™. As an integral part of Celerium’s Cyber Defense Network™, this innovative solution combines rapid implementation and automation to provide early detection and defense of compromise activity.

Celerium powers active cyber defense solutions to help protect companies and communities from increasing cyberattacks. (PRNewsfoto/Celerium)

Research by IBM found that the average detection time of a data breach is around 200 days, nearly seven months. The need for early detection and defense against compromise activity, which often follows the network intrusion phase of a cyber incident and can be a precursor to later-stage ransomware and data breach attacks, is more critical than ever. Celerium created Compromise Defender to address this need.

“Small and medium-sized businesses and local government organizations are overloaded and overwhelmed with cybersecurity challenges,” said Tommy McDowell, General Manager of Celerium. “Our aim with Compromise Defender is to lighten their load by providing a real-time, automated solution that not only detects threats early but also launches an effective defense.”

Celerium specifically designed Compromise Defender for busy and overloaded organizations, with quick setup and easy operation:

  • 30-minute non-intrusive implementation, without any hardware or software to install.

  • Secure connectivity between an organization’s perimeter firewalls to Celerium’s Decision Engine hosted on the AWS cloud.

  • 100% automated, eliminating the need for integration with SIEM or IT security stack solutions.

  • Autonomous operation, requiring no IT staff for day-to-day management.

  • Real-time automated defense mechanisms to block network threats and compromise activity. The real-time mechanism re-optimizes network defense measures every 15 minutes.

  • Integrated automated analysis and reporting platforms show compromise activity (of reconnaissance, C2 server…

Source…